SPLK-COREUSR - Splunk Core User

A Splunk Core Certified User is able to search, use fields, create alerts, use look-ups, and create basic statistical reports and dashboards in either the Splunk Enterprise or Splunk Cloud platforms. This optional entry-level certification demonstrates an individual's basic ability to navigate and use Splunk software.

Duration: 3.0 days

Schedule

Virtual ILT | 12 Dec 2022 - 14 Dec 2022 India

Objectives

Please refer to the course overview

Content

Module 1 - Working with Time

Topic 1 – Searching with Time

  • Understand the _time field and timestamps
  • View and interact with the event Timeline
  • Use the earliest and latest time modifiers
  • Use the bin command with the _time field

Topic 2 – Formatting Time

  • Use various date and time eval functions to format time

Topic 3 – Using Time Commands

  • Use the timechart command
  • Use the timewrap command

Topic 4 – Working with Time Zones

  • Understand how time and timezones are represented in your data
  • Determine the time zone of your server
  • Use strftime to correct timezones in results

Module 2 - Statistical Processing

Topic 1 – What is a Data Series

  • Introduce data series
  • Explore the difference between single-series, multi-series, and time series data series

Topic 2 – Transforming Data

  • Use the chart, timechart, top, rare, and stats commands to transform events into data tables
  • Explore search modes and their effect on search results

Topic 3 – Manipulating Data with eval Command

  • Understand the eval command
  • Explore and perform calculations using mathematical and statistical eval functions
  • Perform calculations and concatenations on field values
  • Use the eval command as a function with the stats command

Topic 4 – Formatting Data

  • Use the rename command
  • Use the sort command

Module 3 - Leveraging Lookups and Subsearches

Topic 1 – Using Lookup Commands

  • Understand lookups
  • Use the inputlookup command to search lookup files
  • Use the lookup command to invoke field value lookups
  • Invoke geospatial lookups in search

Topic 2 – Adding a Subsearch

  • Define subsearch
  • Use subsearch to filter results
  • Identify when to use subsearch
  • Understand subsearch limitations and alternatives

Topic 3 – Using the return Command

  • Use the return command to pass values from a subsearch
  • Compare the return and fields commands

Module 4 - Search Optimization

Topic 1 – Optimizing Search

  • Understand how search modes affect performance
  • Examine the role of the Splunk Search Scheduler
  • Review general search practices

Topic 2 – Report Acceleration

  • Define acceleration and acceleration types
  • Understand report acceleration and create an accelerated report
  • Reveal when and how report acceleration summaries are created
  • Search against acceleration summaries

Topic 3 – Data Model Acceleration

  • Understand data model acceleration
  • Accelerate a data model
  • Use the datamodel command to search data models

Topic 4 – Using the tstats Command

  • Explore the tstats command
  • Search acceleration summaries with tstats
  • Search data models with tstats
  • Compare tstats and stats

Module 5 - Enriching Data with Lookups

Topic 1 – What is a Lookup?

  • Define a lookup and the default lookup types
  • Lookups and the search-time operation sequence

Topic 2 – Creating Lookups

  • Use file-based lookups at search time
  • Create (upload, define, configure) a lookup
  • Use an automatic lookup at search

Topic 3 – Geospatial Lookups

  • Understand geospatial lookups and KMZ/KML files
  • Add and define a geospatial lookup

Topic 4 – External Lookups

  • Understand external lookups
  • Explore the default lookups, external_lookup.py
  • Configure external lookups

Topic 5 – KV Store Lookups

  • Introduce KV Store lookups
  • Configure KV Store lookups
  • Compare file-based CSV lookups to KV Store lookups

Topic 6 – Best Practices for Lookups

  • Various best practices for using lookups

Module 6 - Data Models

Topic 1 – Introducing Data Model Datasets

  • Understand data models
  • Add event, search, and transaction datasets to data models
  • Identify event objects hierarchy and constraints
  • Add fields based on eval expressions to transaction datasets

Topic 2 – Designing Data Models

  • Create a data model
  • Add root and child datasets to a data model
  • Add fields to data models
  • Test a data model
  • Define permissions for a data model
  • Upload/download a data model for backup and sharing

Topic 3 – Creating a Pivot

  • Identify benefits of using Pivot
  • Create and configure a Pivot
  • Visualize a Pivot
  • Save a Pivot
  • Use Instant Pivot
  • Access underlying search for Pivot

Topic 4 – Accelerating Data Model

  • Understand the difference between ad-hoc and persistent data model acceleration
  • Accelerate a data model
  • Describe the role of tsidx files in data model acceleration
  • Review considerations about data model acceleration

Topic 5 – Enriching Data

  • Understand how fields from lookups, calculated fields, field aliases, and field extractions enrich data

Audience

The course is intended for students or anyone who wants to learn the basics of Splunk.

Prerequisites

  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations

Certification

Splunk Core Certified User

Course Benefits

  • Career growth
  • Broad career opportunities
  • Worldwide recognition from leaders
  • Up-to-date technical skills
  • Popular Certification Badges

Splunk Popular Courses

splk-dyd

This course focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.

splk-introdyd

This course focuses on dashboard creation, including prototyping, the dashboard definition, layout types, adding visualizations, and dynamic coloring.

splk-lls

This course will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources.

splk-wtime

This course will focus on searching and formatting time in addition to using time commands and working with time zones.